Class DefaultWebInvocationPrivilegeEvaluator

  • All Implemented Interfaces:
    org.springframework.beans.factory.Aware, WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware

    public class DefaultWebInvocationPrivilegeEvaluator
    extends java.lang.Object
    implements WebInvocationPrivilegeEvaluator, org.springframework.web.context.ServletContextAware
    Allows users to determine whether they have privileges for a given web URI.
    Since:
    3.0
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static org.apache.commons.logging.Log logger  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isAllowed​(java.lang.String contextPath, java.lang.String uri, java.lang.String method, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
      boolean isAllowed​(java.lang.String uri, Authentication authentication)
      Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
      void setServletContext​(javax.servlet.ServletContext servletContext)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        protected static final org.apache.commons.logging.Log logger
    • Constructor Detail

      • DefaultWebInvocationPrivilegeEvaluator

        public DefaultWebInvocationPrivilegeEvaluator​(AbstractSecurityInterceptor securityInterceptor)
    • Method Detail

      • isAllowed

        public boolean isAllowed​(java.lang.String uri,
                                 Authentication authentication)
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        uri - the URI excluding the context path (a default context path setting will be used)
      • isAllowed

        public boolean isAllowed​(java.lang.String contextPath,
                                 java.lang.String uri,
                                 java.lang.String method,
                                 Authentication authentication)
        Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .

        Note the default implementation of FilterInvocationSecurityMetadataSource disregards the contextPath when evaluating which secure object metadata applies to a given request URI, so generally the contextPath is unimportant unless you are using a custom FilterInvocationSecurityMetadataSource.

        Specified by:
        isAllowed in interface WebInvocationPrivilegeEvaluator
        Parameters:
        uri - the URI excluding the context path
        contextPath - the context path (may be null, in which case a default value will be used).
        method - the HTTP method (or null, for any method)
        authentication - the Authentication instance whose authorities should be used in evaluation whether access should be granted.
        Returns:
        true if access is allowed, false if denied
      • setServletContext

        public void setServletContext​(javax.servlet.ServletContext servletContext)
        Specified by:
        setServletContext in interface org.springframework.web.context.ServletContextAware